---
title: Get Compliance Report
description: 'Author: Yongle, Allen'
---

From the moment Dify.AI launched its product, it received inquiries from individual developers and enterprise users worldwide regarding **whether Dify.AI meets information security and data privacy compliance requirements.** Consequently, the team has strictly followed industry standards from the design phase onward, gradually establishing a comprehensive information security and data privacy compliance management system.

Dify.AI has officially obtained **SOC 2 Type I, SOC 2 Type II, ISO 27001:2022, and GDPR certifications**, demonstrating that the product has reached internationally leading standards in data security, privacy protection, and compliance. This milestone further underscores Dify.AI's unwavering commitment to user data security.

If you are using Dify’s cloud version as part of your vendor security evaluation, click the **top-right corner** of the page, select **Compliance**, and download the necessary reports to review Dify's compliance and certification documents.

For Enterprise customers, if you want to check the compliance certificates and reports, please contact your account representative to initiate the appropriate business process.

### Compliance Reports Availability

Different team tiers have access to the following compliance certifications:

<table>
  <thead>
    <tr>
      <th>Certification Type</th>
      <th>Free / Sandbox</th>
      <th>Professional</th>
      <th>Enterprise</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <td>SOC 2 Type I Report</td>
      <td>-</td>
      <td>✅</td>
      <td>✅</td>
    </tr>
    <tr>
      <td>SOC 2 Type II Report</td>
      <td>-</td>
      <td>-</td>
      <td>✅</td>
    </tr>
    <tr>
      <td>ISO 27001:2022 Certificate</td>
      <td>-</td>
      <td>-</td>
      <td>✅</td>
    </tr>
    <tr>
      <td>GDPR Data Protection Agreement</td>
      <td>✅</td>
      <td>✅</td>
      <td>✅</td>
    </tr>
  </tbody>
</table>
> For access to higher-level compliance certifications, please upgrade your team on the [Pricing](https://dify.ai/pricing) page.

The following explains how to obtain various compliance certification reports.

#### **SOC 2 Type I Report**

A **SOC 2 Type I** report is a third-party audit report that evaluates and confirms the design and implementation of an organization's security controls at a specific point in time. SOC 2, which stands for **System and Organization Controls 2**, is a set of criteria for managing and protecting data based on five trust service principles: **Security, Availability, Processing Integrity, Confidentiality, and Privacy**. The Type I report specifically assesses whether an organization has appropriate controls in place to meet the relevant criteria at the time of the audit.

Only team owners can download Dify's SOC 2 Type I report via **Top-right → Compliance**.

![SOC 2 Type I Report](https://assets-docs.dify.ai/2025/02/552f4358bea904c4bf12a131a410916c.png)

#### **SOC 2 Type II Report**

A **SOC 2 Type II** report is a third-party audit report that evaluates and confirms the design and implementation of an organization's security controls over a specified period. SOC 2, which stands for **System and Organization Controls 2**, is a set of criteria for managing and protecting data based on five trust service principles: **Security, Availability, Processing Integrity, Confidentiality, and Privacy**. The Type II report provides detailed insights into how well an organization’s security controls work over time, giving stakeholders confidence that the organization consistently adheres to industry standards for managing sensitive data.

Only team owners can download Dify's SOC 2 Type I report via **Top-right → Compliance**.

![SOC 2 Type <strong>II</strong> Report](https://assets-docs.dify.ai/2025/02/06975e86faba9928a11c962a57aa454f.png)

**ISO 27001: 2022 Certificate**

The **ISO 27001:2022** certificate is an internationally recognized standard for **information security management systems (ISMS)**. It is part of the **ISO/IEC 27000 family of standards**, which focuses on protecting sensitive information through a comprehensive set of security controls. The ISO 27001:2022 standard is designed to help organizations establish, implement, maintain, and continually improve their information security management system. The **2022** version of the standard reflects the latest updates and best practices in information security, aligning with current security challenges and technological advancements. It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability through the implementation of risk management and security controls.

![<strong>ISO 27001: 2022 Certificate</strong>](https://assets-docs.dify.ai/2025/02/7aaf7771af28bf7182bf7fda40c7b5bb.png)

#### **GDPR Data Protection Agreement**

A **Data Protection Agreement (DPA)** is a legally binding contract between a **data controller** and a **data processor** under the General Data Protection Regulation (**GDPR**). The GDPR, which came into effect in May 2018, sets out the legal framework for data protection within the European Union (EU), and applies to organizations that process personal data of EU residents. A DPA is required when a data controller engages a third-party processor to handle personal data, ensuring that both parties are in compliance with GDPR obligations and safeguarding the rights of individuals whose data is being processed.

**Everyone** can Download Dify's DPA in our official website.

![DPA](https://assets-docs.dify.ai/2025/02/291cddb3bf9dfd8c92967eabb87b95a0.png)

{/*
Contributing Section
DO NOT edit this section!
It will be automatically generated by the script.
*/}

<CardGroup cols="2">
    <Card
        title="Edit this page"
        icon="pen-to-square"
        href="https://github.com/langgenius/dify-docs-mintlify/edit/main/en/policies/agreement/get-compliance-report.mdx"
    >
        Help improve our documentation by contributing directly
    </Card>
    <Card
        title="Report an issue"
        icon="github"
        href="https://github.com/langgenius/dify-docs-mintlify/issues/new?title=Documentation%20Issue%3A%20ompliance-rep&body=%23%23%20Issue%20Description%0A%3C%21--%20Please%20briefly%20describe%20the%20issue%20you%20found%20--%3E%0A%0A%23%23%20Page%20Link%0Ahttps%3A%2F%2Fgithub.com%2Flanggenius%2Fdify-docs-mintlify%2Fblob%2Fmain%2Fen/policies/agreement%2Fget-compliance-report.mdx%0A%0A%23%23%20Suggested%20Changes%0A%3C%21--%20If%20you%20have%20specific%20suggestions%20for%20changes%2C%20please%20describe%20them%20here%20--%3E%0A%0A%3C%21--%20Thank%20you%20for%20helping%20improve%20our%20documentation%21%20--%3E"
    >
        Found an error or have suggestions? Let us know
    </Card>
</CardGroup>
